It's okay I'm on the list...trojan whitelists itself to stay connected to attackers

The trojan fires an ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS intent in order to circumvent a Doze restriction.

Authors of the Android.Fakebank.B malware developed a new trick that lets it whitelist itself on a user's device to stay connected with the attackers.

The latest variant of the trojan horse malware uses social engineering to bypass the Doze battery-saving feature in Android 6.0 Marshmallow, so that it stays connected to command and control servers even when the device is dormant, according to a Nov. 17 blog post.

The trojan fires an ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS intent in order to circumvent the Doze restriction, which then triggers a pop-up message asking the user to add the app to the Battery Optimizations exceptions whitelist, researchers said in the post.

If a user falls for the trick and accepts the prompt's request, the malware is added to the Battery Optimization exception whitelist, which allows it to stay connected to the attacker's remote location regardless of whether or not the device is active.

“This whitelisting is only applicable to allowing the connection to a command and control server to remain active if the device's battery is in a particular power saving mode,” Ewell said. “This wouldn't be considered an exploit and would be unlikely to be patched as that could negatively impact legitimate usage of this feature.”

To prevent infection, researchers recommend users keep their software up to date, don't upload apps from unfamiliar sites, only install apps from trusted sites, pay attention to permission requests, install security apps, and frequently back up important data.
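An accepted prompt leaves a trace that can be audited: the app appears as a user-granted entry in the device idle whitelist. The following is an added example, not code from the researchers' post or from SC Media; it parses the output of `adb shell dumpsys deviceidle whitelist` and lists user-granted Doze exemptions that are not on an approved list. The `type,package,uid` line format is an assumption, and the sample output, package names and allowlist are constructed.

```python
"""Audit Doze (battery optimization) exemptions granted by the user."""

# Constructed sample of `adb shell dumpsys deviceidle whitelist` output.
# Assumed line format: <type>,<package>,<uid>; all package names are made up.
SAMPLE_OUTPUT = """\
system-excidle,com.example.downloads,10008
system,com.example.platform.services,10012
user,com.example.messenger,10101
user,com.example.flashlight.free,10145

garbled line without fields
"""

# Hypothetical allowlist of apps that are expected to be exempt from Doze.
APPROVED = {"com.example.messenger"}


def parse_whitelist(text):
    """Return (entries, skipped): parsed dicts and lines that did not parse."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(",")
        if len(parts) != 3 or not parts[2].isdigit():
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        kind, package, uid = parts
        entries.append({"kind": kind, "package": package, "uid": int(uid)})
    return entries, skipped


def unapproved_user_exemptions(text, approved):
    """Packages the user exempted from Doze that are not on the allowlist."""
    entries, _ = parse_whitelist(text)
    return sorted(
        e["package"] for e in entries
        if e["kind"] == "user" and e["package"] not in approved
    )


if __name__ == "__main__":
    for pkg in unapproved_user_exemptions(SAMPLE_OUTPUT, APPROVED):
        print(f"review Doze exemption: {pkg}")
```

Entries of type `user` are the ones created when someone accepts the battery optimization prompt, so those are the ones worth comparing against what the device owner expects.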

The malware made headlines earlier this year for not allowing infected customers to call their bank's customer service departments to cancel cards after the malware compromised their cards.
